C002814 Engineer (Digital Forensics Analysis) (NS) - MON 1 May

Required Start Date: 1 June 2023

End Contract Date: 31 December 2023

Required Security Clearance: NATO SECRET

Duties and Role:

The contracted individual must be able to perform effectively and efficiently with minimal supervision. The contracted individual will be embedded in a Cyber Incident Response team as a technical expert in Digital Forensics.

Within the Cyber Security Operations Branch and reporting to the Incident Analysis and Response Section Head, the duties of the individual mainly focus on:

• Provide technical and expert support for to the 24/7 Cyber Security Incident Analysis and Responses process.
• Execute Digital Forensic Analysis in the form of network, system and memory forensics and capture the results in a technical Analysis report.
• Execute Mobile Forensics and code analysis, predominantly, but not only, on Apple iOS-based hardware.
• Execute Forensics on systems hosted on cloud environments, in IaaS, PaaS and SaaS solution.
• Develop and Maintain the Digital and Network Forensics capability on deployable kits to support Cyber Incident Response.
• Leverage automation and integration mechanisms/tools by writing scripts, preferably in Python or Powershell.
• Write and Review reports on Digital Forensics cases, both at technical level (that could be receivable in courts) and at managerial/executive level (answering the "so what?")
• Identification and Sharing of technical Indicators of Compromise with the other NATO stakeholders, the NATO nations and our different partners, in accordance with our sharing agreements.
• Participate in, or support a Cyber Security Response Team designated to provide Cyber Security Incident Response happening on one or multiple physical locations, including NATO Alliance Operations and Missions.
• Support the production of Standard Operating Procedures covering all aspects of Digital Forensics and Cyber Incident Response.

Requirements

Skill, Knowledge & Experience:

• The candidate must have a currently active NATO SECRET security clearance
• The contracted individual will hold a University degree at a nationally recognised/certified University in a technical subject with substantial Information Technology (IT) content and 3 years post-related experience. The lack of a university/college degree may be compensated by the demonstration of a at least 8 years extensive and progressive expertise in the duties related to the function of the SOW.

The required skillset for the contracted individual is:

• At least 3 years overall demonstrable experience in conducting Digital Forensics.
• Recent experience in mobile forensics and cloud forensics.
• Excellent abilities and demonstrable experience in writing reports, both at technical and executive level, ideally that are receivable in courts.
• Very good understanding of the inner working of modern Operating Systems on Windows and Linux environment, virtual machines, kubernetes and mobile OS (iOS preferably).
• Very good understanding of communication mechanisms on modern internet-facing systems: REST, SOAP, AJAX, MIME, API calls, ...
• Very Good practical experience in developping and understanding modern scripting languages: Python, PowerShell, Javascript
• Good understanding of the TCP/IP stack up to the Application Layer.
• The ability to work independently (while having support of the team), taking initiatives, identifying areas of potential improvement and taking ownership;